010-prepare-cos.sh
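#!/bin/bash
# Abort on the first failing command, and treat a failure in any stage of a
# pipeline as a failure of the whole pipeline.
set -e
set -o pipefail

# include common functions
# The helpers this script calls (check_exists, check_value, get_instance_id,
# get_guid) are not defined in this file; presumably they live in common.sh.
# The path is quoted so that a checkout directory containing spaces or glob
# characters still resolves to the intended file instead of being word-split.
. "$(dirname "$0")/../scripts/common.sh"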
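# Fail early when the service name is missing, so the lookup and create
# commands below never run with an empty name.
: "${COS_SERVICE_NAME:?COS_SERVICE_NAME must be set}"

# Create the Cloud Object Storage instance only when the lookup output
# (stdout and stderr combined) does not satisfy check_exists. That helper is
# not defined in this file; presumably it comes from common.sh.
if check_exists "$(ibmcloud resource service-instance "$COS_SERVICE_NAME" 2>&1)"; then
  echo "Cloud Object Storage service $COS_SERVICE_NAME already exists"
else
  echo "Creating Cloud Object Storage Service..."
  ibmcloud resource service-instance-create "$COS_SERVICE_NAME" \
    cloud-object-storage "$COS_SERVICE_PLAN" global || exit 1
fi

# Resolve the two identifiers used later in the script: the instance ID for
# bucket creation and the GUID for the authorization policy.
COS_INSTANCE_ID=$(get_instance_id "$COS_SERVICE_NAME")
COS_GUID=$(get_guid "$COS_SERVICE_NAME")
# check_value is defined elsewhere; presumably it stops the script on an empty
# value -- confirm against common.sh.
check_value "$COS_INSTANCE_ID"
check_value "$COS_GUID"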
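# Create the bucket
# Every value passed to the COS commands must be non-empty: a missing bucket
# name, region or instance ID should stop the script here rather than reach
# the CLI as an empty argument.
: "${COS_BUCKET_NAME:?COS_BUCKET_NAME must be set}"
: "${COS_REGION:?COS_REGION must be set}"
: "${COS_INSTANCE_ID:?COS_INSTANCE_ID must be set}"

# NOTE(review): head-bucket output is discarded, so any non-zero exit
# (bucket absent, but also an authentication or region error) takes the
# create branch. A failure there is surfaced by create-bucket under set -e.
if ibmcloud cos head-bucket \
  --bucket "$COS_BUCKET_NAME" \
  --region "$COS_REGION" >/dev/null 2>&1; then
  echo "Bucket already exists"
else
  echo "Creating storage bucket $COS_BUCKET_NAME"
  ibmcloud cos create-bucket \
    --bucket "$COS_BUCKET_NAME" \
    --ibm-service-instance-id "$COS_INSTANCE_ID" \
    --region "$COS_REGION"
fi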
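# The GUID scopes the authorization below to one COS instance, so it must be
# non-empty before it is used as a filter value or as the policy target.
: "${COS_GUID:?COS_GUID must be set}"

EXISTING_POLICIES=$(ibmcloud iam authorization-policies --output JSON)
check_value "$EXISTING_POLICIES"

# Ensure a service-to-service authorization exists that gives the VPC image
# service (source service "is", resource type "image") the Reader role on this
# Cloud Object Storage instance. The grant is limited to the instance
# identified by COS_GUID via --target-service-instance-id.
#
# Each jq stage narrows the policy list by one criterion; with -e and
# pipefail, a stage that matches nothing makes the whole condition false.
# The GUID is passed with --arg so it is compared as data and never spliced
# into the jq program text.
if printf '%s\n' "$EXISTING_POLICIES" |
  jq -e '.[] | select(.subjects[].attributes[].value=="is")' |
  jq -e -s '.[] | select(.subjects[].attributes[].value=="image")' |
  jq -e -s '.[] | select(.roles[].display_name=="Reader")' |
  jq -e -s '.[] | select(.resources[].attributes[].value=="cloud-object-storage")' |
  jq -e -s --arg guid "$COS_GUID" \
    '.[] | select(.resources[].attributes[].value==$guid)' >/dev/null; then
  echo "Reader policy between VPC image service and COS already exists"
else
  ibmcloud iam authorization-policy-create \
    is \
    cloud-object-storage \
    Reader \
    --source-resource-type image \
    --target-service-instance-id "$COS_GUID"
fi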